Analysis revealed extra DoS flaws
SafeBreach researchers additionally found CVE-2025-26673 in DC’s Netlogon service, the place crafted RPC calls may crash the service remotely with out authentication. By exploiting this weak point, attackers may knock out a crucial Home windows authentication element, probably locking customers out of area assets till the system is rebooted. Equally, CVE-2025-49716 targets Home windows Native Safety Authority Subsystem Service (LSASS), enabling a distant attacker to ship specifically fashioned LDAP queries that destabilize the service, resulting in fast DoS on the affected host.
Rounding out SafeBreach’s record is CVE-2025-49722, a DoS flaw in Home windows Print Spooler. This bug might be triggered by sending malformed RPC requests that trigger the spooler course of to fail, interrupting printing operations and, in some instances, impacting broader system stability.
Whereas Microsoft has fastened the LDAPNightmare (CVE-2024-49113) and CVE-2025-32724 by means of December 2024 and April 2025 Patch Tuesday releases, respectively, the remaining three of SafeBreach reported flaws stay unaddressed. Microsoft didn’t instantly reply to CSO’s request for remark. To defend towards Win-DDoS and different DoS dangers, SafeBreach urges making use of Microsoft’s newest patches, limiting DC service publicity, segmenting crucial methods, and monitoring for uncommon LDAP or RPC visitors to detect assaults early.
